TLS encryption (HTTPS)

We offer free TLS certificates to everyone, provided by Let's Encrypt. HTTPS
stands for Hyper Text Transfer Protocol over SSL and is the secure alternative to
HTTP. Nowadays we usually talk about SSL's successor, 'TLS', which is more
secure and still maintained. TLS has 2 main features:

Authentication: You need to be able to trust that the server you are connecting
to is authentic.

Encryption: The encryption TLS provides makes sure you and the server you
are connected to are the only ones to know what you are communicating
about.

You can turn on Let's Encrypt TLS for your own domain by logging in as a
webmaster in our Cosmos Service Centre. Go to Hosting > TLS Settings and
turn on TLS for your preferred (sub)domain.

Enabling TLS for an existing website

Via the Cosmos Service Centre
you can easily turn on Let's Encrypt TLS certificates for several (sub)domains.

Enabling TLS

If your subdomains are configured correctly, go to Hosting > TLS Settings in
the Cosmos Service Centre. Select 'TLS Enabled' for the desired (sub)domain.

Next, visit your website via https:// (for instance https://greenblog.nl) and
check that it is working correctly. Check if you can see a green lock in
the address bar: this shows you that the connection with your website is
encrypted and secure.

If something is not configured correctly, you may see no lock at all, an orange
lock, or a lock with a warning triangle. This means that part of your website
is not transferred via TLS. Images from an external source are not
automatically sent through the TLS connection when there is 'http://' in the
link to the image, so you may not see a green lock because external images are
sent over an insecure connection. Click on the icon to the left of the URL in
the address bar to see which part of the website is not yet sent securely.
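
To find the 'http://' references described above before relying on the lock icon, the following added example (not part of the original manual or of the Cosmos Service Centre) scans a page's HTML for resources that would be loaded insecurely. The sample page and the hosts cdn.example.org and images.example.org are constructed; the split into "passive" and "active" follows how browsers generally treat mixed content.

```python
from html.parser import HTMLParser

# Tag -> attribute that fetches a subresource. <a href> is omitted: links load nothing.
SUBRESOURCE_ATTRS = {
    "img": "src", "audio": "src", "video": "src", "source": "src",
    "script": "src", "iframe": "src", "embed": "src",
    "object": "data", "link": "href",
}
# Insecure images/media usually only degrade the lock; the rest is usually blocked.
PASSIVE_TAGS = {"img", "audio", "video", "source"}
# <link> only fetches for these rel values (rel="canonical" fetches nothing).
LOADING_LINK_RELS = {"stylesheet", "icon", "preload"}


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, tag, "passive" | "active", url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = SUBRESOURCE_ATTRS.get(tag)
        rels = set((attrs.get("rel") or "").lower().split())
        if attr is None or (tag == "link" and not rels & LOADING_LINK_RELS):
            return
        url = (attrs.get(attr) or "").strip()
        if url.lower().startswith("http://"):
            kind = "passive" if tag in PASSIVE_TAGS else "active"
            self.findings.append((self.getpos()[0], tag, kind, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; the example.org hosts are placeholders.
SAMPLE_PAGE = """<html><head>
<link rel="canonical" href="http://greenblog.nl/">
<link rel="stylesheet" href="http://cdn.example.org/theme.css">
</head><body><a href="http://example.org/">a plain link</a>
<img src="http://images.example.org/banner.png">
<img src="//images.example.org/logo.png"></body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> {kind} mixed content: {url}")
```

The canonical link, the ordinary hyperlink and the '//' image are not reported: only the stylesheet and the 'http://' image would break the lock.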

If you have a WordPress website and the green lock did not appear, please follow
this manual (link) on how to adjust your WordPress website to make it suitable
for TLS.

Is everything working fine? Then we can force the https connection.

Forcing TLS

After thoroughly testing your website with TLS enabled, go back to the Cosmos
Service Centre, Hosting > TLS Settings and turn on 'Force TLS' for the
(sub)domain you tested. All the visitors of your website will use the TLS
connection automatically from now on.

Important: If you have a WordPress site, you should now edit your site settings
in wp-admin to change the 'WordPress address' and the 'Site address' from
'http://…' to 'https://…'.

WordPress website compatibility

In this manual we describe how you can automatically change the links to the
files of an existing WordPress website into relative ('//') links, so that
you get a green lock in your address bar. We recommend the
WordPress plug-in Better Search Replace.

Follow these steps to change the links of all the documents on your website to
work with https:

In case it is, it will only give you an overview of the links that are going to be converted.

In case it's not selected it will convert the links right away.

Visit the https:// version of your website (for instance
https://greenblog.nl) and check if the website is still working correctly.
Check if you see the green lock icon in the address bar. If so, this means
that your connection with your website is authentic and encrypted.

In your WordPress website's wp-admin, go to 'Settings' and change the
WordPress address and Site address from 'http://…' to 'https://…', for
instance from http://greenblog.nl to https://greenblog.nl.

Go back to the Cosmos Service Centre, Hosting > TLS Settings and enable
'Force TLS' for the (sub)domain that your WordPress site runs on. All your
visitors will now automatically connect through TLS when they visit your
website.

From GlobalSign SSL to Let's Encrypt

Below are the steps you need to take to change from an SSL certificate to a TLS
certificate of Let's Encrypt.

Read all steps first so that you know what to do and you are always prepared for
the next step. Please note, the website will be offline for some minutes during
this process.

Modifying the A record

1. Log in to the Cosmos Service Centre and select the domain on which you want
to set up Let's Encrypt TLS.

2. Go to Hosting > DNS Records.

3. Look at the current TTL (Time To Live) value of the domain. This is the
duration in seconds that the record can be cached in the name servers of
internet providers. If no value is entered, the default is 3600 (1 hour).

4. At the A record of the (sub)domain that we are modifying, edit the TTL to
60.

5. Before going to the next step, wait for the time period that the TTL was set
to at step 3.

Editing the IP address

1. Go to the Cosmos Service Centre again and select the particular domain.

2. Go to Hosting > DNS Records.

3. Make a note of the current IP address at the A record that we will modify
and keep it.

4. Change the destination of the particular A record to the IP address of the
hosting package. This IP address can be found above the DNS settings table.
Your website is now temporarily offline. Execute the following steps as soon
as possible after the previous steps.

Enable TLS Let's Encrypt

1. In the Cosmos Service Centre go to Hosting > TLS Settings.

2. Enable TLS for the desired (sub)domain by turning on the 'TLS Enabled'
button.

3. Check that your website is online via an https:// connection.

4. If your website is visible again, you can force TLS by clicking on 'Force
TLS'.

5. Check that your website is forcing TLS by entering the http://
address, which should then change immediately to https://.

6. Send an email to support, from the email address that we know, with a
request to cancel the SSL certificate at the first date possible.

If something goes wrong at step 2, 3 or 4 and the site is not available (via
https), modify the A record back to the original IP address
configuration. Within a few minutes the old configuration should work again.
Notify the helpdesk of the problem.

HSTS Strict Transport Security

HTTP Strict Transport Security (HSTS) is a way for web servers to tell your
browser that the website you are visiting will always have TLS enabled, and that
if in the future TLS is not enabled, it should not connect to the web server. It
is important to note that TLS does two things. One of those is to protect the
connection with a layer of encryption. The other, less commonly known feature of
TLS is that it checks the validity of the server you are connecting to. In other
words, it protects you from connecting to a fraudulent server.

With HSTS enabled, after you visit a website for the first time, the browser
will remember that the website will support TLS for at least the next 6 months.
Note that this means that you need to keep TLS enabled for at least 6 months
after you disable HSTS. Please test that all the features of your website work
well with TLS enabled, before you enable HSTS.
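
To work out how long TLS has to stay enabled after HSTS is switched off, the following added example (not part of the original manual) parses a Strict-Transport-Security header and computes the date until which browsers that saw it will keep refusing plain HTTP. The header value and the date are constructed; the exact value sent by the hosting platform is not stated on this page and is an assumption here.

```python
from datetime import datetime, timedelta, timezone


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value. Returns None when max-age is
    missing or malformed, because browsers ignore such a header."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if not (value.isascii() and value.isdigit()):
                return None
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None


def tls_required_until(header_value, last_sent):
    """Browsers that received the header at `last_sent` refuse plain HTTP until
    this moment, so TLS has to stay enabled at least that long."""
    policy = parse_hsts(header_value)
    if policy is None or policy["max_age"] == 0:
        return last_sent  # no policy stored (max-age=0 makes browsers forget it)
    return last_sent + timedelta(seconds=policy["max_age"])


# Constructed header: 15768000 seconds is about 6 months. The value the hosting
# platform actually sends is an assumption; read it from your own site's response.
SAMPLE_HEADER = "max-age=15768000; includeSubDomains"

if __name__ == "__main__":
    hsts_disabled_on = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed date
    print(parse_hsts(SAMPLE_HEADER))
    print("Keep TLS enabled until:", tls_required_until(SAMPLE_HEADER, hsts_disabled_on))
```

Pass the moment the header was last served as `last_sent`: a visitor who loaded the site just before HSTS was disabled is the one whose browser remembers the policy longest.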